
severe virus please help

Hello
I would like some help please. Yesterday I noticed my laptop playing up, running slow, and when googling it sent me to other pages etc., so I did a scan via Microsoft Essentials. It came up with a virus which was severe, so I did as it asked and it said to restart the laptop, but it's not gone.

I have tried doing a HijackThis and it won't load for some reason. I also tried using Malwarebytes and that won't load either. Tried uninstalling Malwarebytes and re-installing but it still won't work.
All I can tell you is I'm using Windows 7 and Safari.

Can someone please help, as it has already shut the laptop down once to stop damage.
have now given up smoking since feb 13th 2014 loving the money I'm saving

Comments

  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    I have managed to download and scan via SUPERAntiSpyware; here's the log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 10/21/2010 at 09:22 AM

    Application Version : 4.44.1000

    Core Rules Database Version : 5610
    Trace Rules Database Version: 3422

    Scan type : Complete Scan
    Total Scan Time : 00:40:25

    Memory items scanned : 697
    Memory threats detected : 0
    Registry items scanned : 9740
    Registry threats detected : 30
    File items scanned : 23490
    File threats detected : 208

    Trojan.ba3bho
    HKLM\Software\Classes\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}
    HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}
    HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}
    HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\InprocServer32
    HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\InprocServer32#ThreadingModel
    HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\ProgID
    HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\Programmable
    HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\TypeLib
    HKCR\CLSID\{A17B153F-2267-4161-A165-73DCD6C31BEF}\VersionIndependentProgID
    HKCR\Ba3bho.ba3HelperObj.1
    HKCR\Ba3bho.ba3HelperObj.1\CLSID
    HKCR\Ba3bho.ba3HelperObj
    HKCR\Ba3bho.ba3HelperObj\CLSID
    HKCR\Ba3bho.ba3HelperObj\CurVer
    HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}
    HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}\1.0
    HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}\1.0\0
    HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}\1.0\0\win32
    HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}\1.0\FLAGS
    HKCR\TypeLib\{618D5397-96E4-433C-B866-C98355BF9F4D}\1.0\HELPDIR
    C:\PROGRA~1\TEXTHE~1\READAN~1\BA3BHO.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A17B153F-2267-4161-A165-73DCD6C31BEF}
    HKU\S-1-5-21-172327023-297257042-3963200388-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A17B153F-2267-4161-A165-73DCD6C31BEF}
    HKCR\Interface\{74E39141-FD38-41DE-842D-01FDDE1854C0}
    HKCR\Interface\{74E39141-FD38-41DE-842D-01FDDE1854C0}\ProxyStubClsid
    HKCR\Interface\{74E39141-FD38-41DE-842D-01FDDE1854C0}\ProxyStubClsid32
    HKCR\Interface\{74E39141-FD38-41DE-842D-01FDDE1854C0}\TypeLib
    HKCR\Interface\{74E39141-FD38-41DE-842D-01FDDE1854C0}\TypeLib#Version

    Adware.Tracking Cookie

    Trojan.DNS-Changer (Hi-Jacked DNS)
    HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
    HKLM\SYSTEM\CONTROLSET001\SERVICES\TCPIP\PARAMETERS#NAMESERVER
    HKLM\SYSTEM\CONTROLSET002\SERVICES\TCPIP\PARAMETERS#NAMESERVER

    Malware.Trace
    C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
  • coxy17
    coxy17 Posts: 68 Forumite
    Have you tried starting the laptop in Safemode and then running Malwarebytes? In order to start in Safemode you need to press the F8 key when you switch the laptop on. Normally if you press it when the BIOS screen appears (where it says press ESC to enter setup, or something similar) you will be given a selection screen. Select Safemode and the computer will start with minimal services running. Hopefully that will allow you to run Malwarebytes and remove your problem.

    You will need to update Malwarebytes so use Safemode with networking if you connect to the Internet via a router.
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    coxy17 wrote: »
    Have you tried starting the laptop in Safemode and then running Malwarebytes? In order to start in Safemode you need to press the F8 key when you switch the laptop on. Normally if you press it when the BIOS screen appears (where it says press ESC to enter setup, or something similar) you will be given a selection screen. Select Safemode and the computer will start with minimal services running. Hopefully that will allow you to run Malwarebytes and remove your problem.

    You will need to update Malwarebytes so use Safemode with networking if you connect to the Internet via a router.

    Thanks for your reply,

    I haven't loaded up in safe mode yet so will try this now and let you know.
  • coxy17
    coxy17 Posts: 68 Forumite
    It's worth a try, also run a full virus scan while in safe mode and see what it picks up and removes. What anti-virus are you using?
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    I'm in safe mode now and downloaded Malwarebytes again but it still doesn't work. I use Microsoft anti-virus.
  • JJ_Egan
    JJ_Egan Posts: 20,281 Forumite
    Part of the Furniture 10,000 Posts Name Dropper
    Trojan.DNS-Changer (Hi-Jacked DNS)

    Changed your DNS??? So you will need to check DNS once the trojan is cleared.

    jje
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    Managed a HijackThis in safe mode; here's the log:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 09:46:47, on 21/10/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v9.00 (9.00.7930.16406)
    Boot mode: Safe mode with network support

    Running processes:
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: txthlpBHO Class - {060235DC-6D84-47BD-95D7-A4EF5099A59D} - C:\PROGRA~1\TEXTHE~1\READAN~1\TE4470~1.DLL
    O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [XMA] C:\Program Files\XMA Ltd\Licenses.exe
    O4 - HKLM\..\Run: [DataCardMonitor] C:\Program Files\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
    O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe"
    O4 - HKLM\..\Run: [lxdqamon] "C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Parent\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] "C:\Program Files\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
    O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe

    --
    End of file - 7607 bytes
    have now given up smoking since feb 13th 2014 loving the money I'm saving
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    JJ_Egan wrote: »
    Trojan.DNS-Changer (Hi-Jacked DNS)

    Changed your DNS??? So you will need to check DNS once trojan cleared.

    jje

    Hi jje, what is DNS? Then I can see if it's changed. Sorry, but I'm not tech savvy.
    have now given up smoking since feb 13th 2014 loving the money I'm saving
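One way to carry out the DNS check mentioned above, as an added example that is not part of any post in this thread: it parses saved `ipconfig /all` output and lists resolvers that are neither the adapter's own gateway or DHCP server nor on a list you trust. The sample text, the addresses and the function names are constructed for illustration, and the comparison is a heuristic for a DHCP home network, not proof of tampering.

```python
import re

# Constructed sample of `ipconfig /all` output (Windows 7 layout); the addresses
# are private/documentation ranges, not values from the thread.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:

   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
"""

# A field line is "Label . . . : value"; requiring a space before the colon keeps
# IPv6 continuation lines (which contain ':') from being read as labels.
FIELD = re.compile(r"^\s+(.+?)[. ]* :\s?(.*)$")

def parse_ipconfig(text):
    """Return {adapter: {label: [values]}}, folding continuation lines in."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # section header, e.g. "... adapter X:"
            current = adapters.setdefault(line.rstrip(":"), {}) if line.endswith(":") else None
            last = None
        elif current is not None:
            m = FIELD.match(line)
            if m:
                last = current.setdefault(m.group(1), [])
                if m.group(2).strip():
                    last.append(m.group(2).strip())
            elif last is not None:         # extra value on its own line
                last.append(line.strip())
    return adapters

def unexpected_dns(adapters, trusted=()):
    """Flag resolvers that are neither the adapter's gateway/DHCP server nor trusted."""
    hits = []
    for name, fields in adapters.items():
        known = set(fields.get("Default Gateway", []) + fields.get("DHCP Server", [])) | set(trusted)
        hits += [(name, s) for s in fields.get("DNS Servers", []) if s not in known]
    return hits
```

Pass the resolvers your ISP or router documentation lists as `trusted`; anything still reported is worth comparing against the adapter's TCP/IPv4 properties and the router's own DNS setting.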
  • dogmaryxx
    dogmaryxx Posts: 2,446 Forumite
    Part of the Furniture 1,000 Posts Name Dropper
    Save http://www.surfright.nl/en/hitmanpro to desktop
    Then hold down the left CTRL key when you start Hitman Pro and all non-essential processes will be terminated, including the malware process, before the scan.
  • crystal9
    crystal9 Posts: 3,813 Forumite
    Xmas Saver!
    dogmaryxx wrote: »
    Save http://www.surfright.nl/en/hitmanpro to desktop
    Then hold down the left CTRL key when you start Hitman Pro and all non-essential processes will be terminated, including the malware process, before the scan.
    Thanks for the reply.
    OK, have done this and a load of stuff came up to be deleted, including Malwarebytes. Just trying to do another scan and will report back.
    have now given up smoking since feb 13th 2014 loving the money I'm saving
This discussion has been closed.